When is alt data illegal?

Alternative data or alt data is now fueling investment decisions at the world's leading private investment funds. So, when does the use of alt data violate securities laws? We asked a leading securities law expert Igor Rozenblit who previously led the private funds unit of the U.S. Securities and Exchange Commission (SEC).

Alt data includes internet scrapings, satellite data, app data, and other non-traditional investment information. Rozenblit explains when alt data qualifies as material non-public information (NMPI) and which securities laws are implicated in the misuse of MNPI. He goes on to share insights from SEC EXAMS actions and discusses the infamous App Annie case and what it means for private funds that use alt data to power investment decisions.

Igor Rozenblit is a securities law expert and previously served as the co-head of the private funds unit of the SEC.

Additional Resources

Cases Discussed

SEC Charges App Annie and its Founder with Securities Fraud – Press Release, U.S. Securities and Exchange Commission


Relevant Law

Section 10(b) of the Exchange Act makes it unlawful:

To use or employ, in connection with the purchase or sale of any security registered on a national securities exchange or any security not so registered, or any securities-based swap agreement [1] any manipulative or deceptive device or contrivance in contravention of such rules and regulations as the Commission may prescribe as necessary or appropriate in the public interest or for the protection of investors.

Securities Exchange Act of 1934

Section 17(a) of the Securities Act

Use of interstate commerce for purpose of fraud or deceit

It shall be unlawful for any person in the offer or sale of any securities (including security-based swaps) or any security-based swap agreement (as defined in section 78c(a)(78) of this title) by the use of any means or instruments of transportation or communication in interstate commerce or by use of the mails, directly or indirectly—

(1) to employ any device, scheme, or artifice to defraud, or

(2) to obtain money or property by means of any untrue statement of a material fact or any omission to state a material fact necessary in order to make the statements made, in light of the circumstances under which they were made, not misleading; or

(3) to engage in any transaction, practice, or course of business which operates or would operate as a fraud or deceit upon the purchaser.

Securities Act of 1933


Related Interviews

Alt Data and the SEC – a 30 min interview with Igor Rozenblit

When is alt data illegal? Brief Transcript

An Interview with former SEC Official, Igor Rozenblit. 

Joel Cohen (host): Over the last few years, alternative data or alt data has been changing the way investment funds make decisions. Today investments valued in the millions of dollars or even billions can be based on information such as internet scrapings or satellite imagery, but with so much alt data in finance, how has the SEC responded? Our guest today is Igor Rozenblit who long served as the head of the private funds unit at the SEC and who now is a partner at the regulatory consulting firm Iron Road Partners. Igor, welcome to TalksOnLaw.

Igor Rozenblit: Thanks, Joel. 


What is alt data? 

Host: Today we're talking about alt data. Maybe let's put on the table a quick definition. What are we talking about when we say alt data?

Igor Rozenblit: There is no alternative data definition from the government, and I don't think that's particularly relevant to the SEC. Data is just data. I think the SEC feels comfortable with the traditional data sources such as 10Qs and 10Ks pose little risk in MNPI (material nonpublic information) and when the at least the EXAMS division thinks about where they're going to look, they look at data as a whole and inevitably it's alternative data.


When is the use of alt data criminal? 

Host: Why don't we get into a quick conversation on when alt data is illegal. I guess, at the top, you mentioned there's some privacy concerns, but let's focus on the securities law aspect. When and how does alternative data, how is it used illegally? 

Igor Rozenblit: There are a couple of threshold questions before you can determine whether or not the data that you're using is being used in a legal way. Then, the first question is, is the alternative data that you're using material non-public information? And that, as I think many of your listeners know, is a very hazy topic, and there are no hard and fast rules around that topic. But there are a couple of rules of thumb. So, any data, I think, that's obtained in a public way is probably safer than data that is not obtained in a public way.  So for instance, any satellite data where the satellite is kind of orbiting the earth and taking pictures that anyone could obtain is probably not MNPI. Whereas, any data that you get from credit card transactions from people's credit card transactions, which is not readily accessible by anyone does run the risk of being MNPI. And there are various data sets and various approaches to getting data that could fall into one or the other category. For example. app data might be closer to MNPI. Whereas, data coming off of location services might be a little bit farther away from MNPI.  And what we advise folks to do is, unless they are fairly comfortable defending the notion that the data set they're using is not MNPI, they should treat it as if it was MNPI and take precautionary measures from there. 


Alt Data and the App Annie Case

Host: Igor, there's been somewhat of a famous case involving alt data. This was the App Annie case. Could you walk us through what happened there and how all data was was found to be violating securities law?

Igor Rozenblit: Sure, so App Annie is a company out in San Francisco that develops software that sits on most apps that you use on your phone, and as you use the apps it collects data about how you use the apps, what apps you interact with, and how often you interact with those apps. It packages that data and offers that data for sale to various parties including parties who advertise to you and including hedge funds which could use that data to trade. In this particular case, App Annie represented to their hedge fund clients that they were providing “panel data.” So, this wasn't the actual data about app usage for every single app for every single person, but in fact it was just a panel of different apps put together that hedge funds could use for some directional guidance about how apps were being used in general. So it wasn't specific information. The problem was that it wasn't anonymized, and it was specific information. And it was excellent data that hedge funds could use to trade and it's that misstatement that App Annie made to its clients that ultimately caused them to be charged under section 10(b) which is the section usually used for insider trading laws, and to date, that is the only kind of securities law alternative data case out there. But on the heels of that, a lot of questions have been asked, and one of the questions is if you sell de-anonymized data from an app data provider that's really good data and it also could be obvious that it is not the data that you contracted to buy from this particular vendor.

Host: Yeah that's an interesting point that you raised because, in the App Annie case, it was App Annie the data aggregator…

Igor Rozenblit: Seller. 

Host: That was in the sights of the SEC, not the actual funds. Is there a reason for that? 

Igor Rozenblit: I think that the reason for that is that App Annie made some affirmative misstatements. They basically lied about what data they were selling to clients and so if you're a government entity and you're looking for one particular perpetrator, you're likely to hang your hat on the perpetrator that actually affirmatively misstated something as opposed to one of their clients who could have been lied to, which is actually what the order said, but who might also have looked at the data and said, you know what, this isn’t the anonymized data this is not what I contracted for. I might not be able to use this for securities trading because it could be MNPI, and then use that data anyway… that's a much harder case than to go after the actual perpetrator which is what happened. 


Alt Data and Securities Laws 

Host: So you mentioned insider trading, are there other securities laws that are are implicated here when it comes to using alt data? 

Igor Rozenblit: Another part of all data that we actually haven't touched on yet is internal data science teams and internal data generation. and I think most of that boils down to web scraping.  And one could say that web scraping is not MNPI because by definition, if something is on the web it's publicly available, but there are sections of web scraping that I think is worth some consideration. The two particular ones are are Captchas which are designed to make sure that whoever's interacting with the website isn't a robot, and of course you are a robot if you're web scraping. There are two kinds of Captchas. One where you just have to solve the Captcha and one where you have to click I am not a robot. And I think for that second kind, it's worth considering whether or not it could be considered deceptive to click that box. The other kind of web scraping that should kind of fall under the purview of compliance programs is any data that is obtained from a website where you have to log in. So, if you have to create an account, enter in your personal information, log in, agree to a terms of service, I think it’s worth analyzing at least the terms of service to see whether or not you can scrape past the login. I will tell you that industry practice right now is to scrape past captchas. but not to scrape past logins, but everyone really has a different approach to solving that problem. 

Host: So the SEC wants to make sure that not only are companies not trading on material nonpublic information, but that they're not running a muck, violating every website's terms of service in the process?

Igor Rozenblit: I don't think so. I think in the U.S., it's perfectly legal to trade on material nonpublic information as long as you don't have a duty to keep that information private, or as long as you didn't obtain that information using some form of deception. Logging into a website or clicking “I am not a robot,” when you are a robot could be considered deception. So, to the extent that you're getting material nonpublic information from websites, and you have stipulated that you are not a robot, or you have agreed to terms of service that say you cannot use the information obtained for various activities, that could be considered deception. And stepping back from MNPI, any information obtained using deception could violate another securities law that prevents deceptive practices.

Host: Which one is that one? 

Igor Rozenblit: Well, there the securities laws are pretty flexible in that. So, in section 10(b), which is the section that App Annie was charged under, is a section that prohibits misstatements of material fact or omissions of material fact in securities transactions. Section 17(a) of the Securities Act prohibits the same. So, it'll just take a creative investigator to explain to a judge how you're agreeing to a click rap agreement where that says “you are not a robot” when in fact you could be viewed as a misstatement of material fact when you're engaged in the securities transaction. So I don't think that's actually that far afield for what could happen. It just, I think, takes some desire on the part of someone to go ahead and make that case. There's another section in the securities laws section 204A which relates to each investment manager being required to develop sufficient policies and procedures to avoid mishandling of material nonpublic information. And it's that regulation, not the insider trading laws, that I think are most at issue for fund managers. It's really hard to establish insider trading. You need, for instance, intent in order to be insider trading, whereas for this particular section, you just need to have insufficient policies and procedures to handle data. and I think that most managers who use alternative data are at some risk of violating that particular provision. What we've seen on exams at Iron Road is that that is the provision that is cited by the EXAMS staff when issues in alternative data arise.